Is it possible to give users access to Central Admin but deny them access to change security or permissions.

For example, they can do everything from creating a web application, service application, to doing backups but be unable to do basic things such as giving users access to Central Admin or even deleting them.

Can you elaborate a bit more as to why you need this? End users creating web apps and service apps in SharePoint is the stuff of admin nightmares
–
Dave WiseJan 9 '12 at 17:13

Yes, you right Dave. This is for Admins - ofcourse we can't give users access to central admin. We basically looking for a way where we can actually use one account for basic SharePoint Admin tasks. We don't want Admins giving their accounts to CA for security reasons.
–
SepakaJan 10 '12 at 13:01

1 Answer
1

I don't believe this can be done at least not without some really heavy customization. Maybe you can mimic the entire CA with custom application pages but then you are reinventing the SP.

In SP2010 you have 2 permission groups for CA: Farm Administrators and Delegated Administrators. If you like to explore more read: SharePoint 2010 Delegated Administration but this doesn't solve your issue.